[Samba] Windows clients connecting to Samba with OpenLDAP password backend
Gaiseric Vandal
gaiseric.vandal at gmail.com
Mon Nov 2 07:30:43 MST 2009
Are you using UFS or ZFS on the underlying file system- ZFS has a lot
more granularity - which is both a blessing and curse when it comes do
ZFS / Windows ACL integration. Although why smbclient should be
different either I don't know.
Are the initial ACL entries the same on a new file or directory when
created with Windows vs smbclient?
Are you using winbind at all? Is the server a PDC? Are there
multiple servers?
I ran into one issue with samba member servers in a domain: if I set
looked at permissions via windows it would show entries for
"UNIX/somename" not "MYDOMAIN/somename." (this was when I was using
LDAP for unix accounts but not for the actual samba passwords.
On 11/02/09 08:38, Adam Tauno Williams wrote:
> On Mon, 2009-11-02 at 12:56 +0000, Jonathan Adams wrote:
>
>> I am having real troubles with one of our servers.
>> Background:
>> We have been using samba in our company for more than 11 years now, since
>> version 1.9.16 ...
>> We run Sun Solaris on our servers.
>> We used to run NIS+ as our password system, but due to it's almost
>> impossibility to manage (basically only I knew how) we've moved to LDAP ...
>> We have now decided to centralize all our Samba passwords into the LDAP.
>>
> Because LDAP is easier to manage! :) I've been an OpenLDAP admin for 10
> + years... that really illustrates how horrible NIS was.
>
>
>> On the one machine configured to use LDAP for passwords we have a mysterious
>> problem, If we access the machine via a Windows computer (XP, Vista, etc) we
>> can create files and folders we can even rename and delete folders, but we
>> cannot rename or delete files.
>>
> This sounds like a basic permissions problem. If NSS is working, and
> you've authenticated, it pretty much has to be a permissions problem.
>
>
>> If we access the machine via a Solaris or Linux machine using smbclient we
>> can do everything.
>>
> Maybe those are invoking "unix extensions". I've got no clue how that
> specifically would effect permission handling.
>
>
>> I originally wondered if it was due to the Sun compiled Samba 3.0.35 server
>> that is installed, so i removed it and compiled in 3.4.2 with OpenLDAP
>> support, but it has exactly the same issues.
>>
> Which even more strongly points to a permissions issue.
>
>
>> This problem does not occur on our other machines (that run ldap as their
>> naming service in all but samba) ...
>>
> I'm not sure what this means.
>
>
>> I'm happy to show all relevant information and logs/debugs if
>> necessary
>> I have seen some people talk about this before on the internet, but there
>> doesn't appear to be any answer.
>>
>
>
More information about the samba
mailing list